Category: Privacy/Governance Feed

SIM swapping and “adversary-in-the-middle” can bypass security for accounts on X (formerly Twitter)    – Read More  –  

Apple filed a motion to drop its lawsuit against NSO Group, fears key elements of its cyber defensive measures could be revealed to other spyware vendors    – Read More  –  

Under-fire DNA testing firm 23andMe will pay $30m to settle class action lawsuit    – Read More  –  

Meta has unpaused a project to train AI on Facebook and Instagram posts, despite privacy concerns    – Read More  –  

Nations participating in the event include the US, Canada, EU countries, India, Japan, Singapore, Ghana and Oman    – Read More  –  

An FBI and CISA alert highlighted false claims of breaches of voter registration databases, designed to undermine confidence in US elections    – Read More  –  

Over 600 patients and employees of Lehigh Valley Health Network in Pennsylvania had their medical record photos hacked and posted on the internet    – Read More  –  

Microsoft will introduce new security capabilities for solution providers outside of kernel mode, preventing events like the CrowdStrike global outage    – Read More  –  

Ireland’s Data Protection Commission launches inquiry into whether Google followed GDPR rules over AI model training    – Read More  –  

Ransomware gangs are targeting schools and higher education, with victims facing soaring ransom and recovery costs    – Read More  –  

TfL has revealed that some customer data was accessed in a recent cyber-attack, potentially including the bank details of 5000 people    – Read More  –  

Mastercard aims to strengthen its cybersecurity capabilities by acquiring Recorded Future, a leading provider of threat intelligence    – Read More  –  

Lazarus Group has been observed impersonating Capital One staff to lure developers into downloading malware on open source repositories    – Read More  –  

The UK government has classified data centers as critical infrastructure in a move to protect UK data from cyber-attacks and prevent major IT blackouts    – Read More  –  

New FBI data reveals BEC scams have cost businesses more than $55bn since 2013    – Read More  –  

Endor Labs claims security patches can break underlying open source software 75% of the time    – Read More  –  

Excessive use of remote access tools is leaving operational technology devices vulnerable, with even basic security features missing    – Read More  –  

As the US presidential election draws near, polling company Gallup acts to block XSS vulnerability    – Read More  –  

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) reported a 45% increase in cryptocurrency-related scams in 2023    – Read More  –  

The Polish Supreme Court has ruled that a parliamentary commission investigating the previous government’s use of the Pegasus spyware was unconstitutional    – Read More  –  

ISC2 found that the cybersecurity workforce gap is now at 4.8 million, a 19% increase from 2023    – Read More  –  

The Information Commissioner’s Office and National Crime Agency have cemented ties with a memorandum of understanding    – Read More  –  

September’s Patch Tuesday fix-list features scores of CVEs including four zero-day vulnerabilities    – Read More  –  

Highline Public Schools in Washington State have now been closed for two days following the incident    – Read More  –  

TIDRONE group targets military, drone and satellite industries in Taiwan    – Read More  –  

The Justice Department has begun the latest round of fraud reimbursement from the Western Union Remission Fund    – Read More  –  

Researchers have warned that a critical SonicWall vulnerability is being exploited in ransomware attacks    – Read More  –  

Increasingly complex regulations are stretching governance and compliance in organizations, warns the IAPP    – Read More  –  

Distributed denial of service attacks continue to increase, with government the most targeted vertical    – Read More  –  

A cyber-attack on Slim CD, which handles electronic payments for US and Canadian-based merchants, has potentially exposed the credit card details of 1.7 million people    – Read More  –  

A North Carolina resident made over $10m in unlawful royalty payments by producing hundreds of thousands of fake songs listened to by bots using AI    – Read More  –  

Rental hire company Avis has notified 300,000 customers of a data breach    – Read More  –  

Transport for London has revealed several digital services are suspended after a cyber-attack last week    – Read More  –  

The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found    – Read More  –  

The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally    – Read More  –  

Revival Hijack Python Package Index supply chain attack threatens 22,000 packages through malicious downloads    – Read More  –  

The first legally binding international treaty on AI was adopted by all 46 Council of Europe member states in May 2024    – Read More  –  

Despite rising threats researchers find a third of firms see flat or falling security budgets and hiring slows    – Read More  –  

Cisco has urged customers to apply software updates to fix the critical vulnerabilities, which could allow attackers to collect sensitive data or administer services    – Read More  –  

A security flaw exploiting side channel attacks means some Yubikeys can be cloned    – Read More  –  

Hackers interested in targeting OnlyFans users have themselves been singled out by an infostealing campaign    – Read More  –  

The DoJ says Russia paid a US company $10m to post disinformation that attracted millions of views online    – Read More  –  

The US White House Office of the National Cyber Director proposes improving internet security by protecting the Border Gateway Protocol    – Read More  –  

US law enforcement is tracking aggressive social engineering attacks against cryptocurrency operations    – Read More  –  

Cisco Talos has assessed that red teaming tool MacroPack is being abused by various threat actors in different geographies to deploy malware    – Read More  –  

The US-based facial recognition data company may even have to pay up to €5.1m in penalties for non-compliance    – Read More  –  

Cyberint claims that initial access brokers target companies with average revenue of nearly $2bn    – Read More  –  

UK’s Financial Ombudsman warns fraud and scams hit a record high in Q2 2024    – Read More  –  

Civil society and journalists’ organizations in Europe ask the EU to take steps to regulate spyware technologies    – Read More  –  

Researchers say password reset attacks have grown fourfold in the last year and one in four password reset attempts are fraudulent    – Read More  –